Context Navigation

(I thought I'd published this as I had been trying this out, only to realise that this was mostly redundant with the LdapAuthStorePlugin shortly afterwards. I'll compare and provide contributions for the LdapAuthStorePlugin instead.)

LdapAccountManagerPasswordStore

I've tried to integrate the LdapPlugin with the AccountManagerPlugin, so as to be able to authenticate via the form provided via the account manager (instead of relying on Apache Httpd or other server authentication) and manage passwords.

Configuration

There is no major change compared with the LdapPlugin configuration. You'll probably need to bind the user to something that is allowed to list users and change passwords in your LDAP server (see bind_user).

Extra notes

This is an early implementation, rely on it at your own risks.

Relying on IPasswordStore.get_users() might not be ideal for a large LDAP directory (displaying on the admin page might not be appropriate in this case). Currently, the AccountManagerPlugin preference panel relies on calling this to display the preference panel for a given user, rather than using has_user().

LDAP could be a good place to store the user full name and e-mail address. Unfortunately, this seems harder to hook into Trac since (at least in version 0.11), this is handled separately in the main SQL database by the core API.

Setting the password will currently use the {SHA} method in LDAP. Other methods could be implemented.

Author

This code was developed by Bruno Harbulot (bruno -- distributedmatter.net), based on the existing code in the LdapPlugin.